Exchange ActiveSync mailbox policies let you apply a common set of policy or security settings to a user or group of users. The following table summarizes the settings you can specify using Exchange ActiveSync mailbox policies.

This setting specifies whether the mobile phone can synchronize with a computer through a cable, Bluetooth, or IrDA connection. This policy setting requires an Exchange Enterprise Client Access License.

Allow HTML E-mail

This setting specifies whether e-mail synchronized to the mobile phone can be in HTML format. If this setting is set to $false, all e-mail is converted to plain text.

Allow Internet Sharing

This setting specifies whether the mobile phone can be used as a modem for a desktop or a portable computer. This policy setting requires an Exchange Enterprise Client Access License.

AllowIrDA

This setting specifies whether infrared connections are allowed to and from the mobile phone. This policy setting requires an Exchange Enterprise Client Access License.

Allow non-provisionable devices

This setting specifies whether older phones that may not support application of all policy settings are allowed to connect to Exchange 2010 by using Exchange ActiveSync.

Allow POPIMAPEmail

This setting specifies whether the user can configure a POP3 or an IMAP4 e-mail account on the mobile phone.

This setting requires that a password contains numeric and non-numeric characters.

Approved Application List

This setting stores a list of approved applications that can be run on the mobile phone. This policy setting requires an Exchange Enterprise Client Access License.

Attachments enabled

This setting enables attachments to be downloaded to the mobile phone.

Device encryption enabled

This setting enables encryption on the mobile phone. Not all mobile phones can enforce encryption. For more information, see the phone and mobile operating system documentation.

Password enabled

This setting enables the mobile phone password.

Password expiration

This setting enables the administrator to configure a length of time after which a mobile phone password must be changed.

Password history

This setting specifies the number of past passwords that can be stored in a user's mailbox. A user can't reuse a stored password.

Policy refresh interval

This setting defines how frequently the mobile phone updates the Exchange ActiveSync policy from the server.

Maximum attachment size

This setting specifies the maximum size of attachments that are automatically downloaded to the mobile phone.

Maximum calendar age filter

This setting specifies the maximum range of calendar days that can be synchronized to the mobile phone. The value is specified in days.

Maximum failed password attempts

This setting specifies how many times an incorrect password can be entered before the mobile phone performs a wipe of all data.

Maximum inactivity time lock

This setting specifies the length of time that a mobile phone can go without user input before it locks.

Minimum password length

This setting specifies the minimum password length.

Maximum e-mail age filter

This setting specifies the maximum number of days' worth of e-mail items to synchronize to the mobile phone. The value is specified in days.

Maximum HTML e-mail body truncation size

This setting specifies the size beyond which HTML-formatted e-mail messages are truncated when they are synchronized to the mobile phone. The value is specified in kilobytes (KB).

Minimum device password complex characters

This setting specifies the minimum number of complex characters required in a mobile phone password. A complex character is any character that is not a letter.

Maximum e-mail body truncation size

This setting specifies the size beyond which e-mail messages are truncated when they are synchronized to the mobile phone. The value is specified in kilobytes (KB).

Password recovery

When this setting is enabled, the mobile phone generates a recovery password that's sent to the server. If the user forgets their mobile phone password, the recovery password can be used to unlock the mobile phone and enable the user to create a new mobile phone password.

Require Device Encryption

This setting specifies whether device encryption is required. If set to $true, the mobile phone must be able to support and implement encryption to synchronize with the server.

Require encrypted S/MIME messages

This setting specifies whether S/MIME messages must be encrypted.

Require manual synchronization while roaming

This setting specifies whether the mobile phone must synchronize manually while roaming. Allowing automatic synchronization while roaming will frequently lead to larger-than-expected data costs for the mobile phone plan.

Require storage card encryption

This setting specifies whether the storage card must be encrypted. Not all mobile phone operating systems support storage card encryption. For more information, see your mobile phone and mobile operating system for more information.

Unapproved InROM application list

This setting specifies a list of applications that cannot be run in ROM. This policy setting requires an Exchange Enterprise Client Access License.

For example, you can create a policy that you apply to all users in your Exchange organization. The following table lists possible settings for this policy.

Sample Exchange ActiveSync mailbox policy settings for all users

Setting

Value

Allow non-provisionable devices

False

Allow POPIMAPEmail

True

Allow Remote Desktop

True

Allow simple password

True

Allow S/MIME software certificates

True

Allow storage card

False

Allow text messaging

True

Allow unsigned applications

False

Allow unsigned installation packages

True

Allow Wi-Fi

False

Alphanumeric password required

True

Approved Application List

Null

Attachments enabled

True

Device encryption enabled

True

Maximum calendar age filter

15

Maximum attachment size

500 kilobytes (KB)

Maximum failed password attempts

4

Minimum password length

4

Maximum e-mail age filter

10

Maximum e-mail body truncation size

3 KB

Minimum device password complex characters

2

Maximum HTML e-mail body truncation size

7 KB

Password enabled

True

Password expiration

10 days

Password history

8 passwords stored

Require manual synchronization while roaming

True

UNC file access

Disabled

WSS file access

Disabled

Note:

You don't have to specify all policy settings when you create a new Exchange ActiveSync mailbox policy. Any policy setting you don't explicitly set will keep its default value.

Exchange ActiveSync mailbox policies can be created in the Exchange Management Console or the Exchange Management Shell. If you create a policy in the EMC, you can configure only a subset of the available settings. You can configure the rest of the settings using the Shell.

When you install Exchange 2010, a default Exchange ActiveSync mailbox policy is created. The default policy is automatically applied when a new user is created through the EMC or the Shell.